During our examination of web pages linked to unreliable advertising networks, we encountered heavypcprotection[.]com. Our investigation revealed that heavypcprotection[.]com is an untrustworthy website known for promoting the "McAfee - Your PC is infected with 5 viruses!" scam. Furthermore, heavy
Sqoo search engine is the name of an extension that operates as a browser hijacker. This piece of software makes changes to browser settings in order to generate redirects that go through the sharesceral.uno and sqoo.co fake search engines. Additionally, this browser extension spies on users' brow
During a routine inspection of new submissions to VirusTotal, our researchers found the PrimaryRemote application. Our examination revealed that this app operates as advertising-supported software (adware). We also determined that PrimaryRemote is part of the AdLoad malware family. Adwar
PrimaryBuffer is a rogue application that our research team discovered while investigating new submissions to VirusTotal. After examining this piece of software, we determined that it is adware belonging to be AdLoad malware family. Adware stands for advertising-supported software. Its p
Bfjaxi[.]cfd is a shady website that our team encountered while examining sites that use rogue advertising networks. While inspecting bfjaxi[.]cfd, we noticed that this website uses a deceptive approach to receive permission to show notifications. It is worth mentioning that users often land on su
RDStealer is a data-stealing malware written in the Go programming language. This stealer's infection chain includes the Logutil backdoor – a type of malware designed to open a "backdoor" into a system to further the infection. Logutil is likewise based on Go, and it is a cross-platform malware ca
Our team discovered that vanttop[.]com is an untrustworthy page designed to lure visitors into granting it permission to send notifications. Users who visit vanttop[.]com are presented with misleading content (an image and text). It is worth noting that users rarely visit sites like vanttop[.]com
FadeStealer is an information stealer equipped with wiretapping capabilities. Additionally, it incorporates a backdoor created using GoLang, leveraging the Ably platform (a legitimate platform designed for instantaneous data transfer and messaging) as an exploit. It is known that FadeStealer is di
During our investigation of suspicious websites and associated advertisements, we came across a technical support scam site that displays a deceitful pop-up message falsely indicating that the Windows operating system is infected. Such pages are usually created with malicious intentions, aiming to
OnlyFans malware refers to a malware campaign that employs deceptive techniques involving counterfeit OnlyFans content and adult-themed lures. The primary objective of this campaign is to install a Remote Access Trojan (RAT) and potentially other forms of malware on the targeted systems. A RAT is